Video of the Day

LightBlog

Post Top Ad

LightBlog
LightBlog

Thursday, June 27, 2024

Massive authentication vulnerability risks compromising much of the internet

Hacker on laptop

Another day, another newly discovered exploit. But this vulnerability has the potential to be a really big problem.

This week, Progress Software announced that it had discovered two new items for the common vulnerabilities and exposures (CVE) list of the enterprise product MOVEit Transfer, a popular way for businesses to securely transfer and exchange sensitive files and data. 

This most recent MOVEit vulnerability, known as CVE-2024-5806, allows hackers to bypass authentication protocols and access the potentially sensitive information being transferred.

While many readers may not be familiar with Progress Software or MOVEit, this vulnerability could result in serious consequences. As Ars Technica points out, a MOVEit vulnerability affected millions of people last year. Thousands of organizations, including the US Department of Energy and Shell, were compromised. The 2023 exploit's effects on the Canadian province of Ontario’s government birth registry alone left 3.4 million people compromised.

Currently, MOVEit is installed on as many as 2,700 networks globally. Bad actors, such as at least one ransomware gang, have already made attempts to exploit this most recent vulnerability, according to cybersecurity researchers with The Shadowserver Foundation and the security firm Censys.

Progress Software has since released a patch to close the exploit, which can be found here.



from Mashable https://ift.tt/LWkyGQx

No comments:

Post a Comment

LightBlog

We’ll never share your email address with a third-party.

Labels

LATEST POST

Labels